Sikur is defining the future of secure communication. Operating globally, it has offices in Latin America, United States, and Europe. Sikur works alongside governments and corporations that believe security is fundamental to the integrity of their work. We believe that security is not only about platforms and digital systems but is a mindset that surrounds every aspect of business.

A malware attack on Wolters Kluwer, a popular tax and accounting software platform, has left many in the accounting world unable to work this week and sparked concerns about the security of the tax return and financial information stored on the company’s cloud servers.

Wolters Kluwer provides software and services to all of the top 100 accounting firms in the U.S., 90% of top global banks and 93% of Fortune 500 companies, according to its web site. Many of its tax and accounting services, as well as vital storage services, have been down since early Monday morning, leaving customers unable to work, access customer tax returns or personal information, during a busy filing period (taxes for non-profit organizations are due May 15). The approximately $4.8 billion company is headquartered in The Netherlands.

While the company did not comment on how many of its customers were impacted by the downtime, CNBC spoke to accountants and cybersecurity specialists across the U.S., from the biggest firms down to independent operations, who described significant and ongoing problems accessing their customers’ data. One accountant at a large, Midwest-based accounting firm, said that the accounting world was in a “quiet panic” over the attack. This person requested anonymity to protect his clients.

“We have a really close relationship with our customers, and we understand that this situation impacted their day-to-day work,” Elizabeth Queen, vice president of risk management for Wolters Kluwer, told CNBC. “We’re working around the clock to restore service, and we want to provide them the assurance that we can restore service safely. We’ve made very good progress so far.” Queen said the company has contacted authorities and third-party forensic teams to investigate the incident.

Queen reiterated a written statement issued yesterday by the company, which said “We have seen no evidence that customer data was taken or that there was a breach of confidentiality of that data. Also, there is no reason to believe that our customers have been infected through our platforms and applications. Our investigation is ongoing.”

Difficult communication and inaccessible data

The attack started around 8am Eastern Time on Monday. Queen said she could not yet release information on the specific type of attack against the company. But the incident is reminiscent of the NotPetya ransomware attacks of 2017, which spread quickly throughout firms, knocking out services including voice and email, and rendering huge databases of documents inaccessible.

Researchers have uncovered what they say is the very first malware to achieve persistence in Microsoft Exchange email servers, which allows attackers to secretly execute commands via malicious emails featuring attachments with hidden code.

Dubbed LightNeuron, the furtive backdoor has been targeting Exchange servers since at least 2014, according to a blog post from ESET, whose researchers have provisionally linked the threat to the Russian cyber espionage group Turla. ESET discovered the backdoor on three victims: an unidentified Brazilian organization, a Ministry of Foreign Affairs in Eastern Europe and a regional diplomatic organization in the Middle East.

In addition to the confirmed Windows-based version, ESET believes there may be a Linux variant in use as well, based on artifacts turned up during its investigation.

The key to LightNeuron’s persistence technique is its ability to leverage “transport agents,” which according to Microsoft are tools that let users install custom software on Exchange servers and then process email messages that pass through the transport pipeline. These Transport Agents are granted the same level of trust as spam filters and other security products, ESET explains, which makes a successful infection all the more dangerous and hard to detect.

Using XML-based rules, a LightNeuron Transport Agent can interfere with a victim’s emails in a variety of ways — blocking them; composing and sending new ones; modifying their content, subjects and recipients; replacing attachments and more.

But the attackers’ can do much more than alter emails. They can also send commands via the compromised Exchange program, enabling them to write executables, launch executables and processes, delete or exfiltrate sensitive files and essentially control local machines via its command-and-control infrastructure.

To achieve this, the attackers simply send an email with a specially crafted PDF document or JPG image to any email address belonging to the infected organization. The commands inside these attached documents are hidden using steganography techniques.

“Once an email is recognized as a command email, the command is executed and the email is blocked directly on the Exchange server. Thus, it is very stealthy and the original recipient will not be able to view it,” states the blog post, authored by ESET researcher Matthieu Faou. Faou also penned an accompanying white paper that further details the threat.

Binance, one of the largest cryptocurrency exchanges in the world, confirmed today that the company lost nearly $41 million in Bitcoin in what appears to be its largest hack to date.

In a statement, Binance’s CEO Changpeng Zhao said the company discovered a “large scale security breach” earlier on May 7, as a result of which hackers were able to steal roughly 7000 bitcoins, which worth 40.6 million at the time of writing.

News of the hack comes just hours after Zhao tweeted that Binance has “to perform some unscheduled server maintenance that will impact deposits and withdrawals for a couple of hours.”

According to the company, malicious attackers used a variety of attack techniques, including phishing and computer viruses, to carry out the intrusion and were able to breach a single BTC hot wallet (a cryptocurrency wallet that’s connected to the Internet), which contained about 2% of the company’s total BTC holdings, and withdraw stolen Bitcoins in a single transaction.

What’s more disturbing is that the company admitted the hackers managed to get their hands on user critical information, such as API keys, two-factor authentication codes, and potentially other information, which is required to log in to a Binance account.

Zao also warned that “hackers may still control certain user accounts and may use those to influence prices.”

In a shocking revelation, it turns out that a hacking group believed to be sponsored by Chinese intelligence had been using some of the zero-day exploits linked to the NSA’s Equation Group almost a year before the mysterious Shadow Brokers group leaked them.

According to a new report published by cybersecurity firm Symantec, a Chinese-linked group, which it calls Buckeye, was using the NSA-linked hacking tools as far back as March 2016, while the Shadow Brokers dumped some of the tools on the Internet in April 2017.

Active since at least 2009, Buckeye—also known as APT3, Gothic Panda, UPS Team, and TG-0110—is responsible for a large number of espionage attacks, mainly against defence and critical organizations in the United States.

Although Symantec did not explicitly name China in its report, researchers with a high degree of confidence have previously attributed [1,2] Buckeye hacking group to an information security company, called Boyusec, who is working on behalf of the Chinese Ministry of State Security.

Symantec’s latest discovery provides the first evidence that Chinese state-sponsored hackers managed to acquire some of the hacking tools, including EternalRomance, EternalSynergy, and DoublePulsar, a year before being dumped by the Shadow Brokers, a mysterious group that’s still unidentified.

According to the researchers, the Buckeye group used its custom exploit tool, dubbed Bemstour, to deliver a variant of DoublePulsar backdoor implant to stealthily collect information and run malicious code on the targeted computers.

Benstour tool was designed to exploit two then-zero-day vulnerabilities (CVE-2019-0703 and CVE-2017-0143) in Windows to achieve remote kernel code execution on targeted computers.

Legacy software vulnerabilities have created opportunities for hackers to steal credit card data and other personal information using tiny point of sale (POS) malware, according to research published by Forcepoint.

Researchers reportedly analyzed 2,000 samples of POS malware and found that many are handcrafted, written in assembly code and very small; thus, researchers aptly named the malware TinyPOS.

Of the samples analyzed, 95% were loaders used to distribute malware to systems. In addition, researchers found that system compromises can go months without detection due to the small code size (2.7kb). Though researchers suggested that protecting against these attacks is not difficult, the issue for many organizations is that they are using old, outdated POS software and hardware that can do a lot of damage.

The samples were grouped into four categories: loaders, mappers, scrapers and cleaners, wrote Robert Neumann, senior security researcher at Forcepoint. “The most probable initial vector would be a remote hack into the POS system to deliver the Loaders. Other options could include physical access (unlikely) or a rogue auto-update to deliver a compromised file to the POS operating system.”

That attackers are targeting POS systems is nothing new, particularly because they collect large amounts of personal data. Because of their vulnerabilities, Ryan Wilk, VP of customer success for NuData Security, a Mastercard company, said POS systems have long been a prime target for cyber-criminals.

While the carrier says the issues found in 2011 and 2012 were resolved at the time, the revelation may further damage the reputation of a Chinese powerhouse.

For months, Huawei Technologies Co. has faced U.S. allegations that it flouted sanctions on Iran, attempted to steal trade secrets from a business partner and has threatened to enable Chinese spying through the telecom networks it’s built across the West.

Now Vodafone Group Plc has acknowledged to Bloomberg that it found vulnerabilities going back years with equipment supplied by Shenzhen-based Huawei for the carrier’s Italian business. While Vodafone says the issues were resolved, the revelation may further damage the reputation of a major symbol of China’s global technology prowess.

Europe’s biggest phone company identified hidden backdoors in the software that could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy, a system that provides internet service to millions of homes and businesses, according to Vodafone’s security briefing documents from 2009 and 2011 seen by Bloomberg, as well as people involved in the situation.

Vodafone asked Huawei to remove backdoors in home internet routers in 2011 and received assurances from the supplier that the issues were fixed, but further testing revealed that the security vulnerabilities remained, the documents show. Vodafone also identified backdoors in parts of its fixed-access network known as optical service nodes, which are responsible for transporting internet traffic over optical fibers, and other parts called broadband network gateways, which handle subscriber authentication and access to the internet, the people said. The people asked not to be identified because the matter was confidential.

The Chicago Police Department said late Wednesday it was notified by Car2go that some of the company’s vehicles may have been rented by deceptive or fraudulent means through a mobile app.

Daimler North America subsidiary Car2go is dealing with an apparent raft of vehicle thefts in Chicago and suspended the app-based service while a police investigation is underway.

The Chicago Police Department said late Wednesday it was notified by Car2go that some of the company’s vehicles may have been rented by deceptive or fraudulent means through a mobile app.

“Due to the information provided by the company, numerous vehicles have been recovered and persons of interest are being questioned,” the department said in the statement, adding 100 vehicles remain unaccounted for.

The department said 50 Mercedes-Benz vehicles remain in the Chicago area and that “over a dozen persons of interest are being questioned.”

Police said the vehicle recoveries appeared to be isolated to the city’s West Side.

A Daimler spokesman said in an email the company is working with Chicago law enforcement “to neutralize a fraud issue.”

“No personal or confidential member information has been compromised,” Daimler spokesman Michael Silverman said. “Out of an abundance of caution and safety for our members and Chicago fleet support teams we are temporarily pausing our Chicago service. We will provide an update as soon as possible, and we of course apologize to our Chicago members for the inconvenience.”
Silverman, asked whether any vehicles had been stolen, as initially reported by one news outlet, declined to comment on “an active police investigation.”

The Car2go app allows users on-demand access to a network of eco-friendly Mercedes-Benz and Smart vehicles. The company launched in the U.S. in 2009 with a fleet of Smart ForTwo vehicles. It added Mercedes-Benz CLA and GLA vehicles to its fleet in 2017.

In January, the company said it had 3.6 million members worldwide in 2018, a rise of 21 percent from the previous year. At the time, Chicago was its newest location and had more than 10,000 members sign on since the Windy City launch in July.

Car2go’s global fleet in January totaled nearly 14,000 vehicles in 25 locations in North America, Europe and Asia.

If you have an account with Microsoft Outlook email service, there is a possibility that your account information has been compromised by an unknown hacker or group of hackers, Microsoft confirmed The Hacker News.

Earlier this year, hackers managed to breach Microsoft’s customer support portal and access information related to some email accounts registered with the company’s Outlook service.

Yesterday, a user on Reddit publicly posted a screenshot of an email which he received from Microsoft warning that unknown attackers were able to access some information of his OutLook account between 1 January 2019 and 28 March 2019.

Another user on Reddit also confirmed that he/she too received the same email from Microsoft.

According to the incident notification email, as shown below, attackers were able to compromise credentials for one of Microsoft’s customer support agents and used it to unauthorisedly access some information related to the affected accounts, but not the content of the emails or attachments.

The information that a Microsoft’s customer support agent can view is limited to account email addresses, folder names, subject lines of emails, and the name of other email addresses you communicate with.